Il giorno 15/feb/2013, alle ore 12:30, Nick Coghlan <ncogh...@gmail.com> ha scritto:
> On Fri, Feb 15, 2013 at 7:28 PM, Tarek Ziadé <ta...@ziade.org> wrote: >> Looks completely legit to me, unfortunately... So until we catch that fish, >> damage can already be done. > > When you're already in a (security) hole, the first thing you need to > do is *stop digging*. > > We have a handful of projects which need to trusted way to distribute > a Python script in order to bootstrap installation tools on current > versions of Python. That's a real problem, and this proposal is a good > solution for that. > > Generalising that to grant the ability to upload arbitrary bootstrap > scripts to every project for no good reason is making a bad situation > worse, for zero payoff. So let's not do that. For projects other than > distribute or pip, the bootstrap process should be: > > 1. Bootstrap pip > 2. pip install project > > Or, if the project needs egg support: > > 1. Bootstrap distribute > 2. easy_install project Strong +1. -- Giovanni Bajo :: ra...@develer.com Develer S.r.l. :: http://www.develer.com My Blog: http://giovanni.bajo.it
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
